CVE-2020-4888
In short
IBM QRadar SIEM versions 7.4.0-7.4.2 Patch 1 and 7.3.0-7.3.3 Patch 7 can be exploited remotely through insecure Java deserialization to run arbitrary commands on the system. An attacker sends a specially crafted serialized Java object to execute malicious code.
Technical detail
Remote code execution vulnerability in IBM QRadar SIEM caused by unsafe deserialization of untrusted Java objects. An unauthenticated attacker can transmit a malicious serialized object to trigger arbitrary command execution with the privileges of the QRadar process. Affects versions 7.4.0-7.4.2 Patch 1 and 7.3.0-7.3.3 Patch 7.
Summary generated and translated by AI from the official description.
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
Affected products
IBM · QRadar SIEM